Steps to install ENTM 14.0 on RHEL7.4 with MSSQL DB and Active Directory as User Store

Article ID: 140476

Products

CA Virtual Privilege Manager, CA Privileged Identity Management Endpoint (PIM), CA Privileged Access Manager (PAM)

Issue/Introduction

This article provides the steps required to install ENTM 14.0 on RHEL7.4 with an MSSQL DB and Active Directory as the User Store.
 

Environment

Release : 14.0

Component : CA ControlMinder

Resolution

# This is based on RHEL7.4 OS and ENTM 14.0 fresh installation with AD as User Store.

# Assuming yum is configured to install packages

# The following article states that the SS04430 patch is required. It is a dedicated installer certified for RHEL7.4 onwards.

# https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-identity-manager/14-0/release-information/solutions-amp-patches.html

# The following article explains which packages are required and which are not.

# https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-identity-manager/14-0/implementing/install-the-enterprise-management-server/prepare-the-server.html#concept.dita_a8c24da723fe5b2563786ec1f03b8c4ac34deaa7_Linux


#!==========[ACTION ITEMS ON THE MSSQL SERVER WHERE CENTRAL DATABASE WILL BE HOSTED]=======!#


# Create a DB user under "Security-Logins" as in the sample below.

# Login name: entm143admin

# [x] SQL Server authentication

# Password: <yourpassword>

# [ ] Enforce password policy

# The rest is default.

#

# Create a new DB instance as in the sample below.

# [General] Database name: ENTM143

# [General] Owner: entm143admin

# [Options] Collation: SQL_Latin1_General_CP1_CI_AS

# The rest is default.

# Update "entm143admin" user again.

# [General] Default database: ENTM143

# Click OK

#


#!==========[ACTION ITEMS ON THE MSSQL SERVER WHERE ACTIVE DIRECTORY IS INSTALLED]=========!#


# 2 Administrative Accounts are needed.

# Create 2 users that will be used for ENTM.

# CN=Administrator,CN=Users,DC=ldap1,DC=lab

# CN=SystemUser,CN=Users,DC=ldap1,DC=lab

#

#



#!==============[ACTION ITEMS ON THE LINUX SERVER WHERE ENTM WILL BE INSTALLED]=============!#


# Ensure the OS is 64bit

# [[email protected]]# uname -m

# x86_64

#



# Add /etc/hosts entry with short hostname

# [[email protected]]# ifconfig |head -2

# ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

#         inet 192.168.0.10  netmask 255.255.255.0  broadcast 192.168.0.255

# [[email protected]]# vi /etc/hosts

# 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4

# ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

# 192.168.0.10 entm



# Ensure there is sufficient entropy (over 3000), or configure rngd (rngd -r /dev/urandom -o /dev/random)

# [[email protected]]# cat /proc/sys/kernel/random/entropy_avail

# 3249

#



# Set the file descriptor to 10000

# [[email protected]]# ulimit -n 10000

#



# Ensure firewall is not blocking the ports that will be used by PIM ENTM.

# The documentation instructs you to run the following, but this is not applicable to RHEL7.x

# iptables -I INPUT -p tcp --dport <http_port_number> -j ACCEPT 

# iptables -I INPUT -p tcp --dport <https_port_number> -j ACCEPT 

# iptables -I INPUT -p tcp --dport <MessageQueue_port_number> -j ACCEPT 

# iptables -I INPUT -p tcp --dport <WebService_port_number> -j ACCEPT 

# iptables -I INPUT -p tcp --dport <Policy_Management_port_number> -j ACCEPT

# service iptables save

#

# This is because RHEL7 uses firewalld instead of iptables.

# Check which one is in use and run the commands according to the service used.

#

# [[email protected]]# systemctl status firewalld

# ● firewalld.service - firewalld - dynamic firewall daemon

#    Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)

#    Active: active (running) since Sun 2019-11-17 14:18:25 PST; 2 days ago

#      Docs: man:firewalld(1)

#  Main PID: 748 (firewalld)

#    CGroup: /system.slice/firewalld.service

#            └─748 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

# Nov 17 14:18:24 localhost.localdomain systemd[1]: Starting firewalld - dynami...

# Nov 17 14:18:25 localhost.localdomain systemd[1]: Started firewalld - dynamic...

# Nov 17 14:18:26 localhost.localdomain firewalld[748]: WARNING: ICMP type 'bey...

# Nov 17 14:18:26 localhost.localdomain firewalld[748]: WARNING: beyond-scope: ...

# Nov 17 14:18:26 localhost.localdomain firewalld[748]: WARNING: ICMP type 'fai...

# Nov 17 14:18:26 localhost.localdomain firewalld[748]: WARNING: failed-policy:...

# Nov 17 14:18:26 localhost.localdomain firewalld[748]: WARNING: ICMP type 'rej...

# Nov 17 14:18:26 localhost.localdomain firewalld[748]: WARNING: reject-route: ...

# Hint: Some lines were ellipsized, use -l to show in full.

#

# [[email protected]]# systemctl status iptables

# Unit iptables.service could not be found.

# In the above case, firewalld is in use. iptables is not installed.

# Check what firewall rules are in place

#  

# [[email protected]]# firewall-cmd --list-all

# public (active)

#   target: default

#   icmp-block-inversion: no

#   interfaces: ens33

#   sources:

#   services: ssh dhcpv6-client

#   ports:

#   protocols:

#   masquerade: no

#   forward-ports:

#   source-ports:

#   icmp-blocks:

#   rich rules:

#

# The [public] zone is set by default. In the above default configuration, nothing is being blocked, so you can skip to the next step.

# If you must configure the ports, you can run the following commands to add them.

#

# --permanent saves each rule to the zone configuration so that it is still in place after the firewalld restart below.

# [[email protected]]# firewall-cmd --permanent --zone=public --add-port=8080/tcp

# [[email protected]]# firewall-cmd --permanent --zone=public --add-port=18080/tcp

# [[email protected]]# firewall-cmd --permanent --zone=public --add-port=8443/tcp

# [[email protected]]# firewall-cmd --permanent --zone=public --add-port=18443/tcp

# [[email protected]]# firewall-cmd --permanent --zone=public --add-port=61616/tcp

# [[email protected]]# firewall-cmd --permanent --zone=public --add-port=5248/tcp

# [[email protected]]# firewall-cmd --permanent --zone=public --add-port=8891/tcp

# [[email protected]]# systemctl restart network.service

# [[email protected]]# systemctl restart firewalld.service

#
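
# Added example (not part of the original article or the product's tooling): a check that reads "firewall-cmd --list-all" output, reports which of the TCP ports listed above the zone's ports line does not cover, and prints the matching --permanent commands. The function names are hypothetical and the sample listing is constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the article: find ENTM ports a firewalld zone lacks.
# The port list is the one the article opens; the listing below is constructed.

REQUIRED_PORTS="8080 18080 8443 18443 61616 5248 8891"

# missing_ports PORT...: reads `firewall-cmd --list-all` text on stdin and
# prints the given TCP ports that no entry (single port or range) on the
# zone's "ports:" line covers. Ports opened through a named service (for
# example ssh) are not looked up here.
missing_ports() {
    awk -v want="$*" '
        /^[ \t]*ports:/ {
            for (i = 2; i <= NF; i++) {
                split($i, pp, "/")
                if (pp[2] != "tcp") continue      # udp entries do not count
                n = split(pp[1], r, "-")          # "61000-61700" is a range
                lo[++cnt] = r[1] + 0
                hi[cnt] = (n == 2 ? r[2] : r[1]) + 0
            }
        }
        END {
            m = split(want, w, " ")
            out = ""
            for (j = 1; j <= m; j++) {
                ok = 0
                for (k = 1; k <= cnt; k++)
                    if (w[j] + 0 >= lo[k] && w[j] + 0 <= hi[k]) ok = 1
                if (!ok) out = out (out == "" ? "" : " ") w[j]
            }
            print out
        }'
}

# open_commands PORT...: same input, prints (does not run) one command per
# missing port. --permanent stores the rule in the saved zone configuration,
# so it is still present after firewalld is restarted or reloaded.
open_commands() {
    for p in $(missing_ports "$@"); do
        echo "firewall-cmd --permanent --zone=public --add-port=${p}/tcp"
    done
}

# Constructed sample: three ports open singly, one covered by a range, and
# 5248 open for udp only.
SAMPLE_LISTING='public (active)
  target: default
  interfaces: ens33
  services: ssh dhcpv6-client
  ports: 8080/tcp 18080/tcp 8443/tcp 61000-61700/tcp 5248/udp
  forward-ports:
  source-ports:'

check_sample() { printf '%s\n' "$SAMPLE_LISTING" | missing_ports $REQUIRED_PORTS; }

echo "not open in sample zone: $(check_sample)"
printf '%s\n' "$SAMPLE_LISTING" | open_commands $REQUIRED_PORTS

# On a live host:
#   firewall-cmd --zone=public --list-all | missing_ports $REQUIRED_PORTS
```
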



# Install prerequisite libraries

# [[email protected]]# yum install -y audit-libs.i686 audit-libs.x86_64 audit-libs-devel.x86_64 audit-libs-python.x86_64 bc.x86_64 boost-devel.x86_64 cairo.x86_64 compat-db.x86_64 compat-db42.x86_64 compat-db43.x86_64 compat-expat1.x86_64 compat-glibc.x86_64 compat-glibc-headers.x86_64 compat-libcap1.x86_64 compat-libf2c.x86_64 compat-libgfortran.x86_64 compat-libstdc++.i686 compat-libstdc++.x86_64 compat-libtermcap.x86_64 compat-openldap.x86_64 compat-openmpi.x86_64 compat-openmpi-psm.x86_64 compat-opensm-libs.x86_64 compat-readline5.x86_64 cracklib.x86_64 db4.i686 db4.x86_64 dejavu-fonts-common.noarch dejavu-sans-mono-fonts.noarch dos2unix.x86_64 elfutils.x86_64 elfutils-libs.x86_64 fprintd-pam.x86_64 freerdp.x86_64 freerdp-libs.x86_64 glib2-devel.x86_64 glibc.i686 glibc.x86_64 glibc-common.x86_64 glibc-devel.x86_64 glibc-headers.x86_64 gnome-keyring-pam.x86_64 ksh.x86_64 libICE.i686 libICE.x86_64 libICE-devel.x86_64 libSM.i686 libSM.x86_64 libSM-devel.x86_64 libXext.i686 libXext.x86_64 libXext-devel.x86_64 libXp.i686 libXp.x86_64 libXpm.x86_64 libXt.i686 libXt.x86_64 libXt-devel.x86_64 libXtst.x86_64 libXtst-devel.x86_64 libgcc.i686 libgcc.x86_64 libpng.x86_64 libselinux.i686 libselinux.x86_64 libssh2.x86_64 libstdc++.x86_64 libstdc++-.i686 libstdc++-devel.x86_64 mksh.x86_64 ncurses.x86_64 ncurses-base.x86_64 ncurses-devel.i686 ncurses-devel.x86_64 ncurses-libs.i686 ncurses-libs.x86_64 pam.i686 pam.x86_64 pam-devel.x86_64 pam_krb5.x86_64 pam_passwdqc.x86_64 pango.x86_64 rpm-build.x86_64

# [[email protected]]# yum install -y redhat-lsb

# If yum did not install /lib/libstdc++.so.5, check your Red Hat subscription to add additional libraries.

# Or, as a workaround, compat-libstdc++-33-3.2.3-69.el6.i686.rpm can be obtained from the RHEL6.10 ISO file.

# [[email protected]]# rpm -ivh compat-libstdc++-33-3.2.3-69.el6.i686.rpm

# If this is not installed, then ENTM installation will fail.

#



# Extract the SS04430 zip file; it contains 2 ISO files.

# CA_PIM_PRM_SRV_14.0.0_1235_LNX.iso == This is the actual installer binary

# CA_PIM_PRM_3PARTY_14.0.0_1235_LNX.iso == This is 3rd party software required for ENTM installation.

#



# Mount the CA_PIM_PRM_3PARTY_14.0.0_1235_LNX.iso on the Red Hat machine.

# [[email protected]]# mkdir /media/iso

# [[email protected]]# blkid

# /dev/sda1: UUID="a97cef91-fa07-414f-8906-bf863b7ea12b" TYPE="xfs"

# /dev/sda2: UUID="54b87c98-3c0d-4f3b-802c-8019673b26b6" TYPE="swap"

# /dev/sda3: UUID="2ca85516-9cd1-4223-8c32-19d3557c397e" TYPE="xfs"

# /dev/sr0: UUID="2018-07-02-05-27-40-00" LABEL="CA_PIM_3P_14.0.0_Linux" TYPE="iso9660"

# [[email protected]]# mount /dev/sr0 /media/iso

# mount: /dev/sr0 is write-protected, mounting read-only

# [[email protected]]# cd /media/iso

# [[email protected]]# ls

# ActiveMQ  JBoss-4.2.3  JDK-1.8.101  TRANS.TBL  UnlimitedJCE

# [[email protected]]# cd JDK-1.8.101

# [[email protected] JDK-1.8.101]# cd _x64/

# [[email protected] _x64]# rpm -ivh jdk-8u101-linux-x64.rpm

# Preparing...                          ################################# [100%]

# Updating / installing...

#    1:jdk1.8.0_101-2000:1.8.0_101-fcs  ################################# [100%]

# Unpacking JAR files...

#         tools.jar...

#         plugin.jar...

#         javaws.jar...

#         deploy.jar...

#         rt.jar...

#         jsse.jar...

#         charsets.jar...

#         localedata.jar...

# This installs java to /usr/java/

# [[email protected] _x64]#

#



# Apply JCE patch

# [[email protected]]# cd /media/iso/UnlimitedJCE/

# [[email protected] UnlimitedJCE]# ./Unlimited_JCE_Jar_Replace.sh

# Please enter your JRE PATH: <<[Default]/usr/java/jdk1.8.0_101/jre>>

# JRE path is:  /usr/java/jdk1.8.0_101/jre

# JCE backup path is:  /opt/backup

# Please enter PATH of new UnlimitedJCEPolicyJDK8 jar files: <</usr/tmp/newjars>>

# /media/iso/UnlimitedJCE

# New UnlimitedJCEPolicyJDK8 path is:  /media/iso/UnlimitedJCE

# Files are successfully copied to /usr/java/jdk1.8.0_101/jre/lib/security

#



# Update java.security to allow the RC4 cipher, which is required by TIBCO Message Queue

# [[email protected]]# vi /usr/java/jdk1.8.0_101/jre/lib/security/java.security

#

# Locate the following line and remove "RC4, " and save.

# jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768

# change to

# jdk.tls.disabledAlgorithms=SSLv3, MD5withRSA, DH keySize < 768

#

#
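
# Added example (not part of the original article): the same java.security change made by script, so that a backup of the original file is kept and the resulting jdk.tls.disabledAlgorithms list can be read back. It also handles the backslash-continued form of the property, which goes beyond the single-line case shown above. Function names and the ".orig" backup suffix are assumptions; the sample file is constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the article: edit jdk.tls.disabledAlgorithms in a
# reviewable way. Function names are hypothetical; sample data is constructed.

# tls_disabled FILE: print the active jdk.tls.disabledAlgorithms entries, one
# per line. Commented-out copies of the property are ignored; if the property
# appears twice, the last definition is the one reported.
tls_disabled() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*jdk\.tls\.disabledAlgorithms[ \t]*=/ {
            grab = 1; val = ""; sub(/^[^=]*=/, "")
        }
        grab {
            cont = sub(/\\$/, "")          # trailing backslash continues the value
            val = val $0
            if (!cont) grab = 0
        }
        END {
            n = split(val, a, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", a[i])
                if (a[i] != "") print a[i]
            }
        }' "$1"
}

# remove_tls_disabled FILE ALG: drop exactly one entry from the list.
# Returns 2 without touching the file when ALG is not currently listed.
# The untouched original is kept as FILE.orig (assumed naming).
remove_tls_disabled() {
    tls_disabled "$1" | grep -qxF "$2" || {
        echo "$2 is not in jdk.tls.disabledAlgorithms of $1" >&2
        return 2
    }
    new=$(tls_disabled "$1" | grep -vxF "$2" | paste -sd, - | sed 's/,/, /g')
    cp -p "$1" "$1.orig" || return 1
    # Rewrite the property as one line; swallow its continuation lines.
    awk -v new="$new" '
        skip { if ($0 !~ /\\$/) skip = 0; next }
        /^[ \t]*jdk\.tls\.disabledAlgorithms[ \t]*=/ {
            print "jdk.tls.disabledAlgorithms=" new
            if ($0 ~ /\\$/) skip = 1
            next
        }
        { print }' "$1.orig" > "$1"
}

# demo: runs the edit on a constructed excerpt and prints the resulting line.
demo() {
    f=$(mktemp)
    printf '%s\n' '# constructed excerpt of java.security' \
        'jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768' > "$f"
    remove_tls_disabled "$f" RC4
    grep '^jdk.tls' "$f"
    rm -f "$f" "$f.orig"
}

demo
```

Comparing the tls_disabled output of FILE and FILE.orig shows exactly which entry was removed; the setting applies to every TLS connection made by that JRE.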


 

# Add JDK/bin folder to PATH

# [[email protected] _x64]# export PATH=/usr/java/jdk1.8.0_101/bin:$PATH

#



# Unzip JBoss

# [[email protected]]# cd /opt

# [[email protected] opt]# unzip /media/iso/JBoss-4.2.3/jboss-4.2.3.GA.zip

#



# Modify JBoss to listen on PIM recommended ports.

# [[email protected] opt]# JBOSS_DIR=/opt/jboss-4.2.3.GA

# [[email protected] opt]# sed -i s/"8080"/"18080"/ $JBOSS_DIR/server/default/deploy/jboss-web.deployer/server.xml

# [[email protected] opt]# sed -i s/"8443"/"18443"/ $JBOSS_DIR/server/default/deploy/jboss-web.deployer/server.xml

# [[email protected] opt]# sed -i s/"1099"/"11099"/ $JBOSS_DIR/server/default/conf/jboss-service.xml

#



# Install ActiveMQ

# [[email protected]]# cd /media/iso/ActiveMQ

# [[email protected] ActiveMQ]# ./install_ActiveMQ.bin -i console

# Preparing to install...

# Extracting the installation resources from the installer archive...

# Configuring the installer for this system's environment...

# Launching installer...

# ===============================================================================

# Choose Locale...

# ----------------

#     1- Deutsch

#   ->2- English

#     3- Español

#     4- Français

#     5- Italiano

#     6- Português  (Brasil)

# CHOOSE LOCALE BY NUMBER:

# ===============================================================================

# ActiveMQ                                         (created with InstallAnywhere)

# -------------------------------------------------------------------------------

# Preparing CONSOLE Mode Installation...

# ===============================================================================

# License Agreement

# -----------------

# .....

# .....

# .....

# DO YOU ACCEPT THE TERMS OF THIS LICENSE AGREEMENT? (Y/N): y

# ===============================================================================

# Choose Install Folder

# ---------------------

#   Default Install Folder: /opt/activemq

# ENTER AN ABSOLUTE PATH, OR PRESS <ENTER> TO ACCEPT THE DEFAULT

#       :

# ===============================================================================

# Web Console Settings

# --------------------

# Please define the port, administrator username, and password for the ActiveMQ

# Web Console.

# Web Console Port:  (Default: 8161):

# Administrator Username:  (Default: admin):

# ===============================================================================

# Web Console Settings

# --------------------

# Web Console Administrator Password::

# ===============================================================================

# Web Console Settings

# --------------------

# Confirm Password::

# ===============================================================================

# Pre-Installation summary

# ------------------------

# Please Review the Following Before Continuing:

# Product Name:

#     ActiveMQ

# Install Folder:

#    /opt/activemq

# Broker Name:

#     hostname

# Web Console Port:

#     8161

# Administrator Username:

#     admin

# Disk Space Information (for Installation Target):

#      Required:  88,657,180 Bytes

#     Available: 127,027,798,016 Bytes

# PRESS <ENTER> TO CONTINUE:

# ===============================================================================

# Installing...

# -------------

#  [==================|==================|==================|==================]

#  [------------------|------------------|------------------|------------------]

# ===============================================================================

# Installation Complete

# ---------------------

# Congratulations! ActiveMQ has been successfully installed to:

# /opt/activemq

# PRESS <ENTER> TO EXIT THE INSTALLER:



# Unmount /dev/sr0, as the CA_PIM_PRM_3PARTY_14.0.0_1235_LNX.iso is no longer required.

# [[email protected]]# umount /media/iso



# Mount CA_PIM_PRM_SRV_14.0.0_1235_LNX.iso to DVD tray.

# [[email protected]]# blkid

# /dev/sr0: UUID="2018-07-02-05-29-13-00" LABEL="CA_PIM_PS_14.0.0_Linux" TYPE="iso9660"

# /dev/sda1: UUID="a97cef91-fa07-414f-8906-bf863b7ea12b" TYPE="xfs"

# /dev/sda2: UUID="54b87c98-3c0d-4f3b-802c-8019673b26b6" TYPE="swap"

# /dev/sda3: UUID="2ca85516-9cd1-4223-8c32-19d3557c397e" TYPE="xfs"

#

# [[email protected]]# mount /dev/sr0 /media/iso

# mount: /dev/sr0 is write-protected, mounting read-only

#



# Install the Enterprise Management Server

# [[email protected]]# cd /media/iso/EnterpriseMgmt/Disk1/InstData/NoVM 

# [[email protected] NoVM]# ./install_EntM.bin -i console -DLICENSE_KEYWORD=Proceed

# Preparing to install...

# Extracting the installation resources from the installer archive...

# Configuring the installer for this system's environment...

# Launching installer...

# ===============================================================================

# Choose Locale...

# ----------------

#     1- Deutsch

#   ->2- English

#     3- Español

#     4- Français

#     5- Italiano

#     6- Português  (Brasil)

# CHOOSE LOCALE BY NUMBER:

# ===============================================================================

# CA Privileged Identity Manager Enterprise Server (created with InstallAnywhere)

# -------------------------------------------------------------------------------

# Preparing CONSOLE Mode Installation...

# ===============================================================================

# Introduction

# ------------

# InstallAnywhere will guide you through the installation of CA Privileged

# Identity Manager Enterprise Server.

# It is strongly recommended that you quit all programs before continuing with

# this installation.

# Click the 'Next' button to proceed to the next screen. If you want to change

# something on a previous screen, click the 'Previous' button.

# You may cancel this installation at any time by clicking the 'Cancel' button.

# PRESS <ENTER> TO CONTINUE:

# ===============================================================================

# Enterprise Management installation type

# ---------------------------------------

# Select the Enterprise Management installation type

#   ->1- Primary Enterprise Management Server

#     2- Load Balancing Enterprise Management Server

# ENTER THE NUMBER FOR YOUR CHOICE, OR PRESS <ENTER> TO ACCEPT THE DEFAULT::

# ===============================================================================

# Choose Install Folder

# ---------------------

# Please choose a destination folder for this installation.

#   Default Install Folder: /opt/CA/AccessControlServer

# ENTER AN ABSOLUTE PATH, OR PRESS <ENTER> TO ACCEPT THE DEFAULT

#       :

# ===============================================================================

# Java Development Kit (JDK)

# --------------------------

# Specify the location of an existing JDK installation:

#   ->1- /usr/java/jdk1.8.0_101/bin/java

#     2- Choose a Java VM already installed on this system

# ENTER THE NUMBER FOR THE JAVA VM, OR PRESS <ENTER> TO ACCEPT THE

#       CURRENT SELECTION:

# Unable to install the Java Virtual Machine included with this installer.

# ===============================================================================

# JBoss Application Server Settings

# ---------------------------------

# Please enter the application server settings.

# JBoss Folder (no spaces): (Default: /opt/jboss-4.2.3.GA):

# App Server Port: (Default: 18080):

# App Server HTTPS Port: (Default: 18443):

# App Server Naming Port: (Default: 11099):

# ===============================================================================

# Tomcat Application Server Settings

# ----------------------------------

# Please enter the application server settings.

# Tomcat port: (Default: 8080):

# Tomcat HTTPS port: (Default: 8443):

# ===============================================================================

# ActiveMQ information

# --------------------

# Please select the location of the ActiveMQ broker installation

# ActiveMQ Home: (Default: /opt/activemq):

# ===============================================================================

# Communication Password

# ----------------------

# Enter the Password::

# ===============================================================================

# Communication Password

# ----------------------

# Confirm Password: :

# ===============================================================================

# Database Type

# -------------

# Specify the database type used to store information:

#     1- Oracle Database 11g/12c

#   ->2- Microsoft SQL Server 2012/2014

# ENTER THE NUMBER FOR YOUR CHOICE, OR PRESS <ENTER> TO ACCEPT THE DEFAULT::

# ===============================================================================

# Database Connection Information

# -------------------------------

# Define the database connection:

# Host Name: (Default: sqlserver): 192.168.0.31

# Port Number: (Default: 1433):

# Database Name: (Default: ): ENTM143

# Username: (Default: ): entm143admin

# ===============================================================================

# Enter Password:

# ---------------

# Enter the Password::

# ===============================================================================

# User Store Type

# ---------------

# Specify the user store that you want to use for this product:

#     1- Active Directory

#     2- Embedded User Store

#     3- Other User Store

# ENTER THE NUMBER OF THE DESIRED CHOICE: 1

# ===============================================================================

# Active Directory Information

# ----------------------------

# Define the Active Directory connection settings:

# Host: (Default: activedirectory): 192.168.0.1

# Port: (Default: 389):

# Search Root: (Default: ): DC=ldap1,DC=lab

# User DN: (Default: CN=Administrator,cn=Users,DC=ldap1,DC=lab): CN=Administrator,CN=Users,DC=ldap1,DC=lab

# ===============================================================================

# Enter Password:

# ---------------

# Enter the Password::

# ===============================================================================

# Administration Information

# --------------------------

# Define the information that you will use to log in to this product with an

# existing Active Directory administrator account:

# System Manager DN:  (Default: ): CN=SystemUser,CN=Users,DC=ldap1,DC=lab

# ===============================================================================

# Pre-Installation Summary

# ------------------------

# Review the following before you continue:

# Product Name:

#     CA Privileged Identity Manager Enterprise Server

# Install Folder:

#     /opt/CA/AccessControlServer

# Application Server:

#     JBoss

# JBoss Folder:

#     /opt/jboss-4.2.3.GA

# JBoss URL and Port:

#     http://entm:18080

# JBoss HTTPS Port:

#     18443

# JDK Folder:

#     /usr/java/jdk1.8.0_101

# Database Type:

#     Microsoft SQL Server 2012/2014

# Host Name:

#     192.168.0.31

# Port Number:

#     1433

# Database Name:

#     ENTM143

# User Name:

#     entm143admin

# Database Type:

#     Active Directory

# Host:

#     192.168.0.1

# Port:

#     389

# Search Root:

#     DC=ldap1,DC=lab

# User DN:

#     CN=Administrator,CN=Users,DC=ldap1,DC=lab

# System User:

#     CN=SystemUser,CN=Users,DC=ldap1,DC=lab

# Tomcat port:

#     8080

# Tomcat HTTPS port:

#     8443

# PRESS <ENTER> TO CONTINUE:

# ===============================================================================

# Installing...

# -------------

#  [==================|==================|==================|==================]

#  [------------------|------------------|------------------|------------------]

# ===============================================================================

# Installation Complete

# ---------------------

# Congratulations! CA Privileged Identity Manager Enterprise Server has been

# successfully installed to:

#     /opt/CA/AccessControlServer

# PRESS <ENTER> TO EXIT THE INSTALLER:



# Update SSL Certificate

# [[email protected]]# hostname --fqdn

# entm

#

# In this case "hostname --fqdn" returned the short hostname, which is not preferred.

# In that case, set HOSTNAME to the FQDN as below, but ensure that it resolves to this server's IP address.

# [[email protected]]# 

# [[email protected]]# HOSTNAME=entm.ldap1.lab

# [[email protected]]# echo "Removing the existing keystore"

# [[email protected]]# cd /opt/CA/AccessControlServer/apache-tomcat-7.0.72/

# [[email protected]]# rm .keystore

# [[email protected]]# echo "Generating new keystore for Tomcat"

# [[email protected]]# keytool -genkey -alias "tomcat" -keystore ".keystore" -storepass changeit -keypass changeit -keyalg RSA -dname "CN=${HOSTNAME}, OU=ou, O=myOrg, L=city, ST=state, C=cc"



# Install Tibco Message Queue

# [[email protected]]# cd /media/iso/TibcoMessageQueue/

# [[email protected]]# ./install_MessageQueue.bin -i console

# Preparing to install...

# Extracting the installation resources from the installer archive...

# Configuring the installer for this system's environment...

# Launching installer...

# ===============================================================================

# Choose Locale...

# ----------------

#    1- Deutsch

#  ->2- English

#    3- Español

#    4- Français

#    5- Italiano

#    6- Português  (Brasil)

#

# CHOOSE LOCALE BY NUMBER:

# ===============================================================================

# CA Privileged Identity Manager Message Queue     (created with InstallAnywhere)

# -------------------------------------------------------------------------------

# Preparing CONSOLE Mode Installation...

# ===============================================================================

# Choose Install Folder

# ---------------------

#   Default Install Folder: /opt/CA/AccessControlServer/MessageQueue

# ENTER AN ABSOLUTE PATH, OR PRESS <ENTER> TO ACCEPT THE DEFAULT

#      :

# ===============================================================================

# Please choose folder where Active MQ is installed

# -------------------------------------------------

# Please choose folder where Active MQ is installed

# ActiveMQ Home (Default: /opt/activemq):

# ===============================================================================

# Enterprise Management installation type

# ---------------------------------------

# Select the Enterprise Management installation type

#  ->1- Primary Enterprise Management Server

#    2- Load Balancing Enterprise Management Server

#    3- Distribution Server

#

# ENTER THE NUMBER FOR YOUR CHOICE, OR PRESS <ENTER> TO ACCEPT THE DEFAULT::

# ===============================================================================

# Please choose folder where AccessControl is installed

# -----------------------------------------------------

# Please choose folder where AccessControl is installed

# AccessControl Home (Default: /opt/CA/AccessControlServer):

# ===============================================================================

# The password is used for administrating the message queues, reading messages,

# sending message by the report agents and for protecting the default server

# encryption key store. Note: We recommend that you replace the default key

# store after installation.

# Password::

# ===============================================================================

# Confirm Password::

# ===============================================================================

# Pre-Installation summary

# ------------------------

# Please Review the Following Before Continuing:

# Product Name:

#     CA Privileged Identity Manager Message Queue

# Install Folder:

#     /opt/CA/AccessControlServer/MessageQueue

# Application Version:

#     14.0.0.1235

# Disk Space Information (for Installation Target):

#    Required:  251,779,837 Bytes

#    Available: 124,248,899,584 Bytes

# PRESS <ENTER> TO CONTINUE:

# ===============================================================================

# Installing...

# -------------

# [==================|==================|==================|==================]

# [------------------|------------------|------------------|------------------]

# ===============================================================================

# Installation Complete

# ---------------------

# Congratulations.Tibco Message Queue has been successfully installed.

# PRESS <ENTER> TO EXIT THE INSTALLER:

#

# Verify that Tibco Message Queue bridging is enabled by referring to the documentation below.

# https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-identity-manager/14-0/implementing/install-the-enterprise-management-server/install-the-tibco-message-queue.html

#

#


# Unmount /dev/sr0, as the installer is no longer required

# [[email protected]]# umount /media/iso

#



# Check ENTM service status

# [[email protected]]# cd /opt/CA/AccessControlServer

# [[email protected]]# ./pimctl.sh status

# CA Privileged Identity Manager

# Copyright (c) 2016 CA. All rights reserved.

# activemqd                                        [ RUNNING ]

# im_jcs                                           [ RUNNING ]

# proxymanager                                     [ RUNNING ]

# tomcatd                                          [ RUNNING ]

# guacd                                            [ RUNNING ]

# eventforwarder                                   [ RUNNING ]

# jbossd                                           [ RUNNING ]

# CA ControlMinder Security Daemon                 [ RUNNING ]

# CA ControlMinder Watchdog Daemon                 [ RUNNING ]

# CA ControlMinder Agent Daemon                    [ RUNNING ]

# CA ControlMinder Web Service                     [ RUNNING ]

# CA ControlMinder ReportAgent                     [ RUNNING ]

# CA ControlMinder Policy Model(DMS__)             [ RUNNING ]

# CA ControlMinder Policy Model(DH__)              [ RUNNING ]

# CA ControlMinder Policy Model(DH__WRITER)        [ RUNNING ]

# CA ControlMinder Policyfetcher                   [ RUNNING ]

# CA ControlMinder Agent Manager                   [ RUNNING ]

# CA ControlMinder Agent Manager(AccountManager)   [ RUNNING ]

# CA ControlMinder Agent Manager(DiscoveryAgent)   [ RUNNING ]

# CA ControlMinder Agent Manager(PupmAgent)        [ RUNNING ]

# The output above shows that everything is running. The following commands, taken from the documentation, show how you can check individual services.

# [[email protected]]# /opt/CA/AccessControlServer/APMS/AccessControl/bin/issec

# [[email protected]]# /opt/CA/AccessControlServer/APMS/AccessControl/bin/seload

# [[email protected]]# systemctl start jbossd

# [[email protected]]# systemctl status tomcatd

# [[email protected]]# systemctl status guacd

# [[email protected]]# systemctl status activemqd

#



# Access "CA Privileged Identity Manager Enterprise Console"

# Use a browser to access http://<entm>:18080/iam/access

# The login page appears with the AD DOMAIN NAME (in this case "LDAP1.LAB") in the DOMAIN dropdown menu.

# Log in with the Administrator user and password.

#